Census Cybersecurity Policy Analyst Lead - Military veterans preferred

2021-05-25
ManTech (www.mantech.com)
Other


full-time employee


Washington
District of Columbia
20528
United States

Secure our Nation, Ignite your Future

Become an integral part of a diverse team while working at an Industry Leading Organization, where our employees come first.  At ManTech International Corporation, you’ll help protect our national security while working on innovative projects that offer opportunities for advancement.

Currently, ManTech is seeking a motivated, career and customer-oriented Cybersecurity Policy Analyst Lead to join our team in Washington, DC.

Responsibilities include, but are not limited to:

The successful candidate will oversee a team of cybersecurity professionals who work with the USCB team to design, develop, and perform risk management policies and procedures based on guidance from FISMA and OMB Circular A-130; current versions of NIST Special Publication (SP) 800-37, SP 800-30, SP 800-39, and SP 800-53; and the Federal Information Security Management Act of 2002 within Federal Information Processing Standard Publication (FIPS) 199 and 200; as well as federal authorities to do so.

The USCB’s Information Technology Security Program Policy (ITSPP) was developed in accordance with DOC’s Information Technology Security Baseline Policy (ITSBP) and governs the USCB’s cybersecurity program and practices. This comprehensive approach adapts to the changing cyber threat landscape and provides decision-makers with a holistic view of risks, enables compliance with federal laws, regulations, and standards (i.e., FISMA and NIST SP 800-37), and meets its mission by protecting the USCB’s information systems against risks of loss, misuse, or unauthorized access.

  • Review, analyze, and update USCB IT, cybersecurity and privacy policies and procedures in accordance with applicable federal laws, regulations, and standards that consider unique business objectives;
  • Provide guidance and support in policy development, review, preparation of final reports, and additional program elements requiring policy expertise;
  • Coordinate with stakeholders, system owners, and USCB executive leadership to ensure implementation of practical and achievable policies and procedures;
  • Document recommendations, considering the USCB best interests, identifying improvements to legal and regulatory compliance based on cost benefit analyses and the ability to meet the security requirements;
  • Present executive briefs to USCB leadership and stakeholders;
  • Utilize the Census accredited Enterprise Governance, Risk, and Compliance (eGRC) tool to manage risk effectively and efficiently;
  • Regularly communicate both formally and ad hoc with various stakeholders in order to respond and meet federal reporting requirements;
  • Design, analyze, and implement elements of the ITSPP, as directed, and support the ITSPP in accordance with DOC ITSBP as identified in Section F.6 Deliverables;
  • Prepare Policy Reports outlining the proposed recommendation and Chief Information Officer (CIO) and OIS directives as identified in Section F.6 Deliverables;
  • Maintain and update the OIS internal policy SharePoint site or applicable document management and storage system where information security policies and procedures, guidelines, directives, templates, and relevant documents are stored.

Basic Qualifications:

  • Master's, Ph.D. in IT security management, IT management, information security, political science, business management, communications, public administration with cybersecurity experience.
  • Possess the abilities, knowledge, skills, tasks, and capabilities described in the Work Roles for Cyber Workforce Developer and Managers (OV-SPP-001) and Cyber Policy and Strategy Planners (OV-SPP-002) outlined in the Attachment J-2, NICE Work Role Framework;
  • 8-10 years of experience in Cybersecurity and Policy in addition to certification in Certified Information Security Manager (CISM), Certified Information Systems Security Professional (CISSP), and Project Management Professional (PMP);
  • Possess experience in analyzing work products and recommending corrective actions if necessary, to deliver at the specified quality level.
  • Additional certifications addressing security and risk management, asset security, security engineering, communications and network security, identity and access management, security assessment and testing, security operations, software development security, authentication, authorization, and accountability, cryptography foundations, information security and risk management principles, network foundations, information security governance, security program development and management, incident management, BSI (Balance Score Card Indicator).

Preferred Qualifications:

Skills and experience in the following areas -

  • Acquire and manage the necessary resources, including leadership support, financial resources, and key security personnel, to support information technology (IT) security goals and objectives and reduce overall organizational risk.
  • Advise senior management (e.g., CIO) on cost/benefit analysis of information security programs, policies, processes, systems, and elements.
  • Communicate the value of information technology (IT) security throughout all levels of the organization's stakeholders.
  • Collaborate with stakeholders to establish the enterprise continuity of operations program, strategy, and mission assurance.
  • Develop policy, programs, and guidelines for implementation.
  • Establish and maintain communication channels with stakeholders.
  • Evaluate cost/benefit, economic, and risk analysis in decision-making process.
  • Identify organizational policy stakeholders.
  • Review existing and proposed policies with stakeholders.
  • Serve on agency and interagency policy boards.
  • Advocate for adequate funding for cyber training resources, to include both internal and industry-provided courses, instructors, and related materials.
  • Conduct learning needs assessments and identify requirements.
  • Coordinate with internal and external subject matter experts to ensure existing qualification standards reflect organizational functional requirements and meet industry standards.
  • Coordinate with organizational manpower stakeholders to ensure appropriate allocation and distribution of human capital assets.
  • Develop and implement standardized position descriptions based on established cyber work roles.
  • Develop and review recruiting, hiring, and retention procedures in accordance with current HR policies.
  • Develop cyber career field classification structure to include establishing career field entry requirements and other nomenclature such as codes and identifiers.
  • Develop or assist in the development of training policies and protocols for cyber training.
  • Ensure that cyber career fields are managed in accordance with organizational HR policies and directives.
  • Ensure that cyber workforce management policies and processes comply with legal and organizational requirements regarding equal opportunity, diversity, and fair hiring/employment practices.
  • Establish and collect metrics to monitor and validate cyber workforce readiness including analysis of cyber workforce data to assess the status of positions identified, filled, and filled with qualified personnel.
  • Establish and oversee waiver processes for cyber career field entry and training qualification requirements.
  • Establish cyber career paths to allow career progression, deliberate development, and growth within and between cyber career fields.
  • Establish manpower, personnel, and qualification data element standards to support cyber workforce management and reporting requirements.
  • Establish, resource, implement, and assess cyber workforce management programs in accordance with organizational requirements.
  • Promote awareness of cyber policy and strategy as appropriate among management and ensure sound principles are reflected in the organization's mission, vision, and goals.
  • Review and apply cyber career field qualification standards.
  • Review and apply organizational policies related to or influencing the cyber workforce.
  • Review/Assess cyber workforce effectiveness to adjust skill and/or qualification standards.
  • Support integration of qualified cyber workforce personnel into information systems life cycle development processes.
  • Interpret and apply applicable laws, statutes, and regulatory documents and integrate into policy.
  • Analyze organizational cyber policy.
  • Assess policy needs and collaborate with stakeholders to develop policies to govern cyber activities.
  • Correlate training and learning to business or mission requirements.
  • Define and integrate current and future mission environments.
  • Design/integrate a cyber strategy that outlines the vision, mission, and goals that align with the organization’s strategic plan.
  • Draft, staff, and publish cyber policy.
  • Identify and address cyber workforce planning and management issues (e.g. recruitment, retention, and training).
  • Monitor the rigorous application of cyber policies, principles, and practices in the delivery of planning and management services.
  • Seek consensus on proposed policy changes from stakeholders.
  • Provide policy guidance to cyber management, staff, and users.
  • Review, conduct, or participate in audits of cyber programs and projects.
  • Serve as an internal consultant and advisor in own area of expertise (e.g., technical, copyright, print media, electronic media).
  • Certifications addressing security and risk management, asset security, security engineering, communications and network security, identity and access management, security assessment and testing, security operations, software development security.
  • Support the CIO in the formulation of cyber-related policies.
  • Review and approve a supply chain security/risk management policy.

Security Clearance Requirements:

  • None

For all positions requiring access to technology/software source code that is subject to export control laws, employment with the company is contingent on either verifying U.S.-person status or obtaining any necessary license. The applicant will be required to answer certain questions for export control purposes, and that information will be reviewed by compliance personnel to ensure compliance with federal law. ManTech may choose not to apply for a license for such individuals whose access to export-controlled technology or software source code may require authorization and may decline to proceed with an applicant on that basis alone.

ManTech International Corporation, as well as its subsidiaries, proactively fulfills its role as an equal opportunity employer. We do not discriminate against any employee or applicant for employment because of race, color, sex, religion, age, sexual orientation, gender identity and expression, national origin, marital status, physical or mental disability, status as a Disabled Veteran, Recently Separated Veteran, Active Duty Wartime or Campaign Badge Veteran, Armed Forces Services Medal, or any other characteristic protected by law.

If you require a reasonable accommodation to apply for a position with ManTech through its online applicant system, please contact ManTech's Corporate EEO Department at (703) 218-6000. ManTech is an affirmative action/equal opportunity employer - minorities, females, disabled and protected veterans are urged to apply. ManTech's utilization of any external recruitment or job placement agency is predicated upon its full compliance with our equal opportunity/affirmative action policies. ManTech does not accept resumes from unsolicited recruiting firms. We pay no fees for unsolicited services.

If you are a qualified individual with a disability or a disabled veteran, you have the right to request an accommodation if you are unable or limited in your ability to use or access http://www.mantech.com/careers/Pages/careers.aspx as a result of your disability. To request an accommodation please click careers@mantech.com and provide your name and contact information.